For the request
, Whois
, session
, and user-agent
objects, every string value should be enclosed in a single-quotes '
and not in double-quotes "
.
Attribute | Type | Description | Compiled source field |
---|---|---|---|
headers | dict | Request headers | |
ip | string | Client IP | request.ip request.ip == '117.20.32.5' || request.ip == '117.20.32.4' |
uri | string | Domain's URI (URL path + arguments) | request.uri ('/prehistoric/monotony/monotony.phtml' or '/amfphp/services') in request.uri |
path | string | Domain’s URL path | request.path request.path in ['/process_neopet_desc.phtml', '/modify_neomessages.phtml'] |
method | string | HTTP method (uppercase). | request.method request.method == 'OPTION' |
origin_ip | string | Web application server IP | request.origin_ip request.origin_ip == '120.36.54.1' |
ja3 | string | TLS fingerprint. | request.ja3 request.ja3 == 'e2925c27149b0d0dc34373d55040dde1' or request.ja3 == '3e9b20610098b6c9bff953856e58016a' or request.ja3 == '7d671906ed4a1edac3262a54676dacfa' |
http_version | string | Represents HTTP version | request.http_version request.http_version in ['1.1'] |
is_api() | function | Returns true if the request is API | request.is_api() |
is_ajax() | function | Returns true if the request is AJAX | request.is_ajax() |
is_static() | function | Returns true if the request is static |
request.is_static() |
ip_in_range | function | Returns true if client IP is within the specified range |
request.ip_in_range( request.ip_in_range('72.21.217.0', '72.21.217.255') or request.ip_in_range('2409:4072:6c8c:e228:ecaf:ce2c:fd7d:0000', '2409:4072:6c8c:e228:ecaf:ce2c:fd7d:4780') |
rate_limit | function | Returns true if the rate limit is exceeded for these parameters (the scope is 'ip'/'cluster'). For parameter descriptions, check out the Rate limiting guide. |
rate_limit( [ip url interval requests [method [status_code content_type scope ) example: request.rate_limit([], '/', 5, 200, ['GET', 'HEAD'], [], 'text/html; charset=', 'ip') |
Attribute | Type | Description | Compiled source field |
---|---|---|---|
country | string | Two-letter country code (uppercase). | whois.country whois.country in ['BR', 'VN', 'ID'] |
org | string | Organization name from the WHOIS database. | whois.org whois.org in ['Google Inc', 'Google Inc.', 'Google LLC', 'Google Incorporated'] |
owner_type | string | Owner type of the range. | whois.owner_type whois.owner_type != 'hosting services' |
Attribute | Type | Description | Compiled source field |
---|---|---|---|
request_counter | int | Sequential number of the request within the session. | session.session_request_counter session.request_counter > 1000 |
profiling_status | string | Client’s fingerprint profiling status. Values:
| session.profiling_status session.profiling_status == 'idle' |
Attribute | Type | Description | Compiled source field |
---|---|---|---|
status | int | HTTP status code | response.status |
headers | dict | Response headers | response.headers['Access-Control-Allow-Credentials'] == 'true' |
Attribute | Type | Description | Compiled source field |
---|---|---|---|
exists(tag |
function | Returns true if the tag exists. |
tags.exists( tags.any([ tags.all([ tags.any(['proxynetwork','hostingservices']) tags.exists('penalty') |
any([tag |
function | Returns true if any of the tags exists. |
|
all([tag |
function | Returns true if all tags exist. |
The ua_parsed table contains user agent information collected by WAAP from the source of the logged request.
Attribute | Type | Description | Compiled source field |
---|---|---|---|
engine | string | The client engine. For example, Gecko. | user_agent.engine |
client | string | The name of the client. An example of client name is "Firefox". | user_agent.client |
client_type | string | The type of client. Optional values: Major browser, NA, Lib, Crawler, Custom browser, mobile app, Headless browser, Bot, Application, mail client, Site monitoring, RSS reader, Game console, Text browser, Network diagnostics, certificate authority, paying service. | user_agent.client_type 'major browser' in user_agent.client_type |
client_version | string | The client engine's version. | user_agent.client_version |
client_version_float | string | A possibly truncated version of the client browser engine's version. | user_agent.client_version_float |
os | string | The client computer's operating system. An example of os is "Mac OS X 10.14". | user_agent.os |
cpu | string | The client computer's CPU. An example of CPU is "Intel". | user_agent.cpu |
device | string | Information about the client device. An example of a device is "mac". | user_agent.device |
device_type | string | Additional information about the client device. Optional values:
|
user_agent.device_type user_agent.device_type == 'na' |
Attribute | Type | Description | Compiled source field |
---|---|---|---|
fingerprint['hash'] | dict | A table that contains fingerprint information about the request (the information is collected by WAAP with injected JavaScript):
client_data.fingerprint == 'kvd8oxizrdl-41-37zpvwqrr-5tzoaavgfr7-v2osmr4iefe-noieo-90.3095389639745667' |
client_data.fingerprint['hash']client_data.fingerprint['hash'] == '9be394dca715eca8e42783397a507d2e' |
fingerprint['js'] | dict | client_data.fingerprint['js'] | |
fingerprint['flash'] | dict | client_data.fingerprint['flash'] | |
fingerprint['header'] | dict | client_data.fingerprint['header'] |
Was this article helpful?